Vulnerabilities > Zohocorp > Manageengine Opmanager > 12.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-30 | CVE-2021-41288 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. | 7.5 |
2021-04-22 | CVE-2021-3287 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | 7.5 |
2021-04-01 | CVE-2021-20078 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. | 9.4 |
2021-02-03 | CVE-2020-28653 | Unspecified vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | 7.5 |
2020-06-04 | CVE-2020-13818 | Path Traversal vulnerability in Zohocorp Manageengine Opmanager In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. | 5.0 |
2020-05-07 | CVE-2020-12116 | Information Exposure vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | 5.0 |
2020-04-20 | CVE-2020-11946 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager 12.5 Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. | 7.5 |